Doing the Twitter two-step (login)

Scott Kleinberg and Amy Guth, Tribune Newspapers

Logging into Twitter potentially just got a whole lot safer. The company has unveiled its own form of two-step authentication called login verification.

Although Twitter is not the first platform to offer enhanced security, recent hacking of high-profile accounts makes it most welcome. When signing into your Twitter account at twitter.com, a second check in the form of a text message delivered to your registered phone helps to ensure it's you.

Here's how to add it to your account.

First, make sure you are signed into Twitter on twitter.com. Then, click on the gear icon and choose "settings." Scroll down until you see "account security" and "require a verification code when I sign in." Check that box. If you don't have a registered phone number attached to your Twitter account, there's a link to add it there.

Once you are set up, you'll receive an SMS message with a verification code each time you sign in at twitter.com. You'll see a screen that asks you to enter that code before your sign-in will work.

The good news is that if you are already logged into Twitter when you activate login verification, you won't be kicked out. But you will need a temporary password if you log in afterward to any site that requires your Twitter credentials. You can find more information about this under the applications tab of your account settings.

Of course, this doesn't mean your password should be 123456. While two-step login verification adds an extra step in order to access your account, practicing safe social is still important. Here are some tips to keep in mind:

•Use a unique and complex password. Ideally, your password will contain a combination of upper- and lower-case letters, symbols and numbers, be at least eleven characters in length, not spell anything and not be used on other accounts. Better to have "fGJs239#GY9&mjg" as a terribly inconvenient password and never have an account breach than to have an easily remembered password and have your account compromised. (Just be sure you store your password someplace safe so you can remember it.)

•Review apps and add-ons regularly. Be sure to review all apps and add-ons associated with your Twitter account (and other accounts) regularly, as each app and add-on is a potential access point. Remove apps and add-ons you no longer use. In the event of a compromised account, immediately revoke access of apps and add-ons to further protect your accounts. (Always use strong, unique passwords for apps, add-ons and other account extensions, too.)

•Use common sense when accessing viral content through Twitter. When a large volume of content is available around a news story from many sources, the spread of malware and system viruses also increases. If you see a story or photo on a social network that seems suspicious or too unbelievable to be true, trust your gut. If you want to be sure, Google the story and access it directly instead of clicking through via Twitter.

•Watch for spam and phishing. We've all seen strange tweets that appear to be a friend warning us of a "bad blog post" or "hilarious photo." If you receive a tweet that seems out of character or suspicious, avoid clicking on the accompanying link, as the account may be compromised. Avoiding links spread by these breached accounts will help avoid exposing your log-in credentials as well. Better still, be a good neighbor online and politely notify the account-holder that his or her account may have been breached to further help mitigate the damage.

Also be on the lookout for email "phishing," which generally arrives in the form of an email that appears to be from Twitter or other sites, warning you of a potential account security breach and instructing you to click through to your account. Most phishing emails look nearly identical to ones genuinely sent by Twitter and other sites. The problem? Clicking through takes you elsewhere, and potentially exposes your log-in information. If you receive such an email and aren't sure, the simplest thing to do is to open a new browser window and go directly to twitter.com (without clicking on the link in the email) where you will be able to deal with any issues by logging in directly. The important thing to remember is that if an email seems suspicious, avoid clicking on any links within the email.

Ultimately, the common-sense rules that apply to safety in our day-to-day lives also apply here: If you see something that seems out of place, speak up. If someone in your community is in trouble, give them a hand. If something seems too good to be true, trust your instincts and steer clear.

What questions do you have about social media? Tweet them to @scottkleinberg or @amyguth. We might select yours for use in a future column.